Simple PHP anti-injection content filtering methods. Content filtering is mostly intended to prevent some security injection or cross-domain operations. Let's take a look at some simple anti-injection content filtering code I have compiled; I hope the article will help you.
Method 1: filter useless content
You can find other filtering methods on the Internet:
The code is as follows:

    function checkHtml($data)
    {
        // Returns false when $data contains any of the listed punctuation characters, true otherwise.
        $ret = preg_match('/[\'.,:;*?~`!@#$%^&+=)(<>{}\]\[\/\\\\"|]/', $data);
        if ($ret == 1) {
            return false;
        } else {
            return true;
        }
    }

Method 2: filter some HTML tags
The code is as follows:

    function uh($str)
    {
        $farr = array(
            "/\s+/", // filter unnecessary spaces
            "/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|\%)([^>]*?)>/isU", // filter tags that can load script or change the page layout
            "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU", // filter javascript on events
        );
        $tarr = array(
            " ", // collapse each run of whitespace to a single space
            "&lt;\\1\\2\\3&gt;", // If you want to directly clear insecure tags, leave it blank.
            "\\1\\2",
        );
        $str = preg_replace($farr, $tarr, $str);
        return $str;
    }

Method 3: The two methods above keep the content to be filtered inside the program. Below, I put the content to be filtered in a txt file; the program first reads the file content and then checks the input against it, which makes the content to be filtered easier to maintain.
The code is as follows:

    <?php
    if ($_POST) {
        // You can also convert the file content to an array:
        /*
        $fcon = file_get_contents("./filter.txt");
        $filter_word = explode("\n", $fcon);
        */
        $filter_word = file("./filter.txt");
        // $filter_word = array("test1", "test2", "test3", "test4");
        $str = $_POST["mess"];
        for ($i = 0; $i < count($filter_word); $i++) {
            if (preg_match("/" . trim($filter_word[$i]) . "/i", $str)) {
                echo "<script>alert('the content you entered contains illegal content. please try again!');</script>";
                echo "back";
                exit;
            }
        }
        // Encode the input before echoing it so it is displayed as text, not parsed as HTML.
        echo "the content you entered is:" . htmlspecialchars($str, ENT_QUOTES, "UTF-8");
    }
    ?>

Test whether the filter is effective:
...
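A stricter version of the Method 3 matching step, as an added example that is not part of the original article: it treats every line of the list as a literal word (an assumption, since the article does not say whether filter.txt holds words or patterns), skips blank lines, which would otherwise produce an empty pattern that matches every message, and encodes values before output. The helper names buildFilterPattern and findBlockedWord and the sample list are constructed for illustration.

```php
<?php
// Added example; buildFilterPattern() and findBlockedWord() are hypothetical helpers.

/** Build one case-insensitive pattern from raw list lines; null if no usable words. */
function buildFilterPattern(array $lines): ?string
{
    $words = [];
    foreach ($lines as $line) {
        $word = trim($line);
        if ($word === '') {
            continue; // a blank line would become "//i", which matches every input
        }
        // Escape regex metacharacters and the "/" delimiter so the word matches literally.
        $words[] = preg_quote($word, '/');
    }
    if ($words === []) {
        return null;
    }
    // Longest first, so "test10" is reported instead of its prefix "test1".
    usort($words, fn($a, $b) => strlen($b) <=> strlen($a));
    return '/(' . implode('|', $words) . ')/iu';
}

/** Return the blocked word found in $input, or null when the input is clean. */
function findBlockedWord(string $input, ?string $pattern): ?string
{
    if ($pattern === null) {
        return null;
    }
    $result = preg_match($pattern, $input, $m);
    if ($result === false) {
        // For example invalid UTF-8 under the /u flag: reject instead of letting it through.
        throw new RuntimeException('filter error, PCRE code ' . preg_last_error());
    }
    return $result === 1 ? $m[1] : null;
}

// Constructed sample list; Method 3 would pass file("./filter.txt") instead.
$pattern = buildFilterPattern(["test1\n", "\n", "a/b\n", "c++\n", "  test2  \n"]);
foreach (["Hello TEST1 there", "I like C++", "see a/b", "nothing blocked"] as $msg) {
    $hit = findBlockedWord($msg, $pattern);
    // Encode on output so the message and the matched word are shown as text.
    echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'), ' => ',
        $hit === null ? 'accepted' : 'rejected: ' . htmlspecialchars($hit, ENT_QUOTES, 'UTF-8'), "\n";
}
```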